What will 2017 bring for your organisation? Unfortunately, there’s a strong likelihood that it will bring a costly cyberattack. The PwC Global Economic Crime Survey 2016 showed that 54% of U.S. firms said they’d been hit by cybercrime in the past two years. And the 11th annual Cost of a Data Breach Study found that the average consolidated cost of a single data breach has hit $4 million – up 5% from 2015. What’s more, the study put the chance of a data breach involving 10,000 or more records being lost or stolen from a company at 26%.
So, now is an appropriate time to look to the future and start preparing for what lies ahead. By examining the current and emerging key attack trends, you can put measures in place that will dramatically reduce your organisation’s chances of falling victim. Here’s our take on the five key trends for 2017 you should know.
When managing mobile, MDM is not enough
Cybercriminals recognise that mobile devices are one of the easiest routes into corporate networks. In a Ponemon Institute study of IT security professionals at Global 2000 companies, 67% said it was certain that their organisation had experienced a data breach resulting from employees’ use of mobile devices for work, and respondents put the cost of a single mobile malware infection at an average of US$9,485 in losses and remediation. Comprehensive security for mobile devices and endpoints has to cover a wide range of threats: OS and firmware vulnerabilities, rooting or jailbreaking and other configuration tampering, repackaged or fake apps, Trojans and other malware, and network-level attacks such as rogue Wi-Fi and man-in-the-middle interception.
As such, a mobile device management (MDM) system, designed primarily to manage user permissions, is no longer enough.
Comprehensive mobile security management requires several building blocks. Two are essential: secure containers that keep business data and applications isolated from personal ones on the same device, so that a compromised personal app cannot read corporate data, and mobile threat prevention that detects and blocks malicious app behaviour, rather than only enforcing policy. The same known, unknown and zero-day threats that target desktops and laptops now target mobile devices, so they need the same level of protection both when they leave the network and when they are inside its perimeter.
Increasingly evasive malware, particularly ransomware
Malware is downloaded to corporate networks 971 times every hour, according to Check Point’s latest Security Report, arriving via spam, targeted spear-phishing emails, infected websites and more. That is nine times the rate of malware downloads seen 12 months earlier. This is happening for two key reasons. First, cybercriminals have become adept at ‘tweaking’ existing malware just enough (repacking, re-encrypting or changing a few bytes) for it to evade signature-based detection without changing what it does.
Second, some forms of malware, particularly ransomware, enter organisations as a macro embedded in an Office document. The macro itself is small and innocuous enough to pass through content filters; once a user opens the document and enables macros, it downloads and runs the real ransomware payload. That two-stage delivery is what makes new ransomware such an insidious threat. In Check Point’s latest global threat index, the ‘Locky’ ransomware alone accounted for 6% of all malware attacks during September 2016. That’s over 40,000 organizations hit by ransomware.
Given this, businesses need to reinforce conventional antivirus with techniques that block suspicious content based on its behaviour and source, rather than relying on a match against threats that have already been seen and catalogued.
Adapting security for the cloud
As cloud-based applications and services become an increasingly important part of many organisations’ IT ecosystems – a study of 500 companies by cloud host Rackspace found that on average, 43% of organisations’ IT estates are now in the cloud – securing corporate cloud environments is a key priority. In fact, security continues to top the list of challenges organizations face with cloud adoption, ranking above legal and regulatory compliance concerns as well as the risk of data loss.
Traffic patterns also change dramatically when businesses migrate applications and data to cloud environments. In virtualised or software-defined environments, up to 80% of network traffic travels east-west, internally between applications and network segments, and never crosses the perimeter controls at all. A perimeter firewall therefore never sees an attacker moving laterally from one compromised workload to the next. As such, micro-segmentation, where workloads and applications are logically grouped into zones and each zone is isolated from the others by internal security controls with a default-deny policy between them, is essential to protecting business-critical applications and data in cloud-based networks.
Threat prevention, not detection
Detecting threats after they have landed on your network is too late: you have already been compromised. It is therefore critical to stop infections from taking hold in the first place. Next-generation threat prevention solutions can stop new, unknown malware using advanced sandboxing: incoming files are detonated in a safe, isolated environment outside your network that mimics an endpoint device, their behaviour is observed, and files that turn out to carry malware are blocked before they reach the user.
Document sanitization (sometimes called content disarm and reconstruction) further reinforces those defences by removing active content, such as macros, embedded objects, scripts and live links, from all incoming files and delivering a flattened but usable copy. Because it strips the whole class of active content rather than looking for a known-bad sample, it is not defeated by the minor malware ‘tweaks’ that evade signatures.
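Document sanitization in practice, as an added example (not code from the page or from any vendor's product): the script below strips the VBA project from a macro-enabled Office document of the kind the ransomware section above describes as the initial dropper. It is this editor's own illustration, written against the OOXML package format; the function names are its own, and the minimal .docm it builds is constructed input whose vbaProject.bin is a placeholder rather than real VBA. It needs Python 3.8+ and only the standard library.

```python
"""Strip VBA macros from an OOXML package (.docm/.xlsm). Added example, not code from the page or
any vendor product; all names are this example's own and build_sample_docm() is constructed input."""
import io
import posixpath
import xml.etree.ElementTree as ET
import zipfile

CT_NS = "http://schemas.openxmlformats.org/package/2006/content-types"
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
VBA_REL_TYPE = "http://schemas.microsoft.com/office/2006/relationships/vbaProject"
ACTIVE_CONTENT_TYPES = {"application/vnd.ms-office.vbaProject", "application/vnd.ms-word.vbaData+xml"}
MACRO_FREE = {  # macro-enabled main part -> the macro-free type it becomes after stripping
    "application/vnd.ms-word.document.macroEnabled.main+xml":
        "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml",
}

def _rels_path(part):  # word/x.bin -> word/_rels/x.bin.rels
    d, _, base = part.rpartition("/")
    return f"{d}/_rels/{base}.rels" if d else f"_rels/{base}.rels"

def _serialize(root, default_ns):  # keep the package namespace as default, as Office writes it
    ET.register_namespace("", default_ns)
    return ET.tostring(root, encoding="UTF-8", xml_declaration=True)

def _macro_parts(zf, ct_root):
    """Package paths of every part typed as, or conventionally named as, a VBA project."""
    parts = set()
    for ov in ct_root.findall(f"{{{CT_NS}}}Override"):
        if ov.get("ContentType") in ACTIVE_CONTENT_TYPES:
            parts.add(ov.get("PartName", "").lstrip("/"))
    for df in ct_root.findall(f"{{{CT_NS}}}Default"):  # Word types vbaProject.bin via Extension="bin"
        if df.get("ContentType") in ACTIVE_CONTENT_TYPES:
            ext = "." + df.get("Extension", "").lower()
            parts.update(n for n in zf.namelist() if n.lower().endswith(ext))
    # Do not trust the content-type map alone: a mislabelled vbaProject.bin is still a macro.
    parts.update(n for n in zf.namelist() if n.lower().endswith("vbaproject.bin"))
    return parts

def _strip_relationships(blob, removed, rels_name):
    """Drop relationships typed as VBA or resolving to a removed part."""
    root = ET.fromstring(blob)
    base = rels_name.rpartition("_rels/")[0]  # directory of the source part ("" for the package root)
    for rel in list(root.findall(f"{{{REL_NS}}}Relationship")):
        target = rel.get("Target", "")
        resolved = target.lstrip("/") if target.startswith("/") else posixpath.normpath(base + target)
        if rel.get("Type") == VBA_REL_TYPE or resolved in removed:
            root.remove(rel)
    return _serialize(root, REL_NS)

def sanitize_ooxml(data):
    """Return (clean package bytes, sorted names of the parts removed)."""
    src = zipfile.ZipFile(io.BytesIO(data))
    ct_root = ET.fromstring(src.read("[Content_Types].xml"))
    removed = _macro_parts(src, ct_root)
    removed_rels = {_rels_path(p) for p in removed}
    for ov in list(ct_root.findall(f"{{{CT_NS}}}Override")):
        ctype = ov.get("ContentType")
        if ctype in ACTIVE_CONTENT_TYPES or ov.get("PartName", "").lstrip("/") in removed:
            ct_root.remove(ov)
        elif ctype in MACRO_FREE:
            ov.set("ContentType", MACRO_FREE[ctype])
    for df in list(ct_root.findall(f"{{{CT_NS}}}Default")):
        if df.get("ContentType") in ACTIVE_CONTENT_TYPES:
            ct_root.remove(df)
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            if name in removed or name in removed_rels:
                continue  # the VBA project and its own .rels never reach the output
            blob = src.read(name)
            if name == "[Content_Types].xml":
                blob = _serialize(ct_root, CT_NS)
            elif name.endswith(".rels"):
                blob = _strip_relationships(blob, removed, name)
            dst.writestr(name, blob)
    return out.getvalue(), sorted(removed)

def has_macros(data):  # triage check, used before and after sanitizing
    zf = zipfile.ZipFile(io.BytesIO(data))
    return bool(_macro_parts(zf, ET.fromstring(zf.read("[Content_Types].xml"))))
def read_part(data, name):  # text of one part, for inspection
    return zipfile.ZipFile(io.BytesIO(data)).read(name).decode("utf-8")

def build_sample_docm():
    """Constructed minimal .docm; the .bin part is a placeholder, not a real VBA project."""
    wml = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
    od = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
    parts = {
        "[Content_Types].xml": f'<Types xmlns="{CT_NS}">'
            '<Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/>'
            '<Override PartName="/word/document.xml" '
            'ContentType="application/vnd.ms-word.document.macroEnabled.main+xml"/></Types>',
        "_rels/.rels": f'<Relationships xmlns="{REL_NS}"><Relationship Id="rId1" '
            f'Type="{od}/officeDocument" Target="word/document.xml"/></Relationships>',
        "word/_rels/document.xml.rels": f'<Relationships xmlns="{REL_NS}"><Relationship Id="rId1" '
            f'Type="{VBA_REL_TYPE}" Target="vbaProject.bin"/><Relationship Id="rId2" '
            f'Type="{od}/styles" Target="styles.xml"/></Relationships>',
        "word/document.xml": f'<w:document xmlns:w="{wml}"><w:body/></w:document>',
        "word/styles.xml": f'<w:styles xmlns:w="{wml}"/>',
        "word/vbaProject.bin": b"\xd0\xcf\x11\xe0 placeholder OLE header, not a real VBA project",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()
```

To use it on a real file, pass the bytes of the .docm to sanitize_ooxml() and write the result under a .docx name, since Office keys macro support to the extension as well as to the content type. The point of the design is structural: the package and its relationship graph are rewritten and the whole VBA part class is dropped, so the result does not depend on recognising any particular macro, which is why the ‘tweaked’ variants described above do not get through. A production sanitizer would apply the same treatment to OLE objects, DDE fields, external links and PDF JavaScript.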
A prevention, rather than detection, approach to security is particularly relevant to IoT devices, as highlighted by the recent large-scale DDoS attacks launched from infected IoT devices. Given the sheer number of non-IT devices on corporate networks, including cameras, printers and fax machines, most of which cannot run an endpoint agent or receive timely patches, a detection approach simply does not provide the ability to secure a network effectively.
For example, a detection strategy could allow an infection to spread across the network from a device such as a smart TV before anyone notices, whereas a prevention approach extends protection to even the weakest spot in the enterprise security posture. So it is critical to stop infections from happening in the first place.
Social engineering is still the easiest way in
Many of the biggest, most damaging recent cyberattacks, such as the theft of up to 21 million records from the U.S. Office of Personnel Management, began with social engineering. Sophisticated spear-phishing attacks can be extremely convincing, tricking employees into giving up login credentials or personal data. Armed with legitimate credentials, cybercriminals can have a free run of much of the corporate network while leaving little or no sign of malicious activity, because everything they do looks like an authorised user logging in.
This happens at all levels of organizations, with ‘whaling’ attacks against C-level executives on the rise. One such attack recently cost a global manufacturer over $40 million. And while accidents and mistakes can never be eliminated entirely, regularly updated employee education about social engineering tactics, backed by controls such as multi-factor authentication so that a stolen password alone is not enough, can dramatically reduce the chance that an attack succeeds.
In conclusion, cybercriminals have a vast array of tools and tactics, as well as time on their side. For them, achieving their goals is just a numbers game – it won’t be long before they find a victim. By noting these key trends and taking steps to factor them into your cybersecurity planning, you can significantly reduce the risk of your organization becoming that victim. That’s a worthwhile new year’s resolution for 2017.